CVE-2015-7937

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01	Vendor Advisory
http://www.securityfocus.com/bid/79622
https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01	Third Party Advisory US Government Resource
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01	Vendor Advisory
http://www.securityfocus.com/bid/79622
https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:schneider-electric:bmxnoc0401:-:::::::*
	cpe:2.3:h:schneider-electric:bmxnoe0100:-:::::::*
	cpe:2.3:h:schneider-electric:bmxnoe0100h:-:::::::*
	cpe:2.3:h:schneider-electric:bmxnoe0110:-:::::::*
	cpe:2.3:h:schneider-electric:bmxnoe0110h:-:::::::*
	cpe:2.3:h:schneider-electric:bmxnor0200:-:::::::*
	cpe:2.3:h:schneider-electric:bmxnor0200h:-:::::::*
	cpe:2.3:h:schneider-electric:bmxpra0100:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:::::::*
	cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:::::::*

History

21 Nov 2024, 02:37

Type	Values Removed	Values Added
References	~~() http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01 - Vendor Advisory~~	() http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/79622 -~~	() http://www.securityfocus.com/bid/79622 -
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01 - Third Party Advisory, US Government Resource

10 Apr 2024, 12:28

Type	Values Removed	Values Added
CPE	cpe:2.3:h:schneider-electric:bmxp342020h:-:::::::* cpe:2.3:h:schneider-electric:bmxp342030:-:::::::* cpe:2.3:h:schneider-electric:bmxp342020:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420302h:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420302:-:::::::*	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:::::::*
First Time		Schneider-electric modicon M340 Bmxp342030 Schneider-electric modicon M340 Bmxp342020 Schneider-electric modicon M340 Bmxp3420302h Schneider-electric modicon M340 Bmxp3420302 Schneider-electric modicon M340 Bmxp342020h

Information

Published : 2015-12-21 11:59

Updated : 2024-11-21 02:37

NVD link : CVE-2015-7937

Mitre link : CVE-2015-7937

CVE.ORG link : CVE-2015-7937

JSON object : View

Products Affected

schneider-electric

bmxnoe0110h
modicon_m340_bmxp3420302
bmxnoe0110
modicon_m340_bmxp342020
modicon_m340_bmxp342030
bmxnoe0100
bmxnor0200
modicon_m340_bmxp342020h
bmxnoc0401
bmxnor0200h
modicon_m340_bmxp3420302h
bmxpra0100
bmxnoe0100h

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

10.0 /10